Medical devices are incorporating a significant amount of software to achieve higher levels of functionality, more robust and reliable operation, and greater resiliency by detecting and managing a complex set of error conditions. This increase in software content has resulted in some widely publicized device failures, including some deaths. As a result, the U.S. Food and Drug Administration (FDA) has imposed additional requirements on software. In this article, we will share the software techniques that we used for the verification of a Class III heart pump. Since the functional requirements for this instrument include hundreds of different alarm conditions, a large portion of its software is dedicated to dealing with error conditions and alarm reports. All of them had to be thoroughly documented and verified for FDA approval.

Software Complexity

Device safeguards and error handling accounted for 50 to 80 percent of the actual software code and about 70 percent of the software development challenges. The basic code we created to manage the input and output measurements and to control the speed of the pump's motor was relatively simple. However, the additional functions needed to ensure that it kept on running under nearly any conceivable error condition (including power cord disconnection) added significantly to the complexity of the final design. Understanding this source of complexity lets you manage software projects more predictably and lower the risk through careful planning and management of the software complexity.

Built-in Diagnostics

Device safeguards include several types of diagnostics:

• Startup Diagnostics - These automatic self-tests are performed when the device is first turned on.
• Run-Time Diagnostics - These real-time tests are performed to diagnose faults during the operation of the device.
• Extended Diagnostics - These tests contain a suite of diagnostics that exercise the device under user control.
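To make the three categories concrete, here is an added example of how such a diagnostics framework can be organized in embedded C. It is not the article's code and not the heart pump's firmware: the test bodies (a CRC-16 check over a simulated ROM image, a write/read RAM march test, a commanded-versus-measured motor speed plausibility check), the alarm codes, and the 10 percent tolerance are all assumptions chosen for illustration. Each test is tagged with the classes it belongs to, and one runner executes whichever class the caller asks for, recording the first failing test's alarm code.

```c
/* Added example (not the article's code): a minimal built-in-diagnostics
 * framework organized around the article's startup / run-time / extended
 * classes. Test bodies, alarm codes, tolerances and the simulated ROM
 * image are assumptions for illustration only. */
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

typedef enum { DIAG_STARTUP = 1, DIAG_RUNTIME = 2, DIAG_EXTENDED = 4 } diag_class_t;

typedef struct {
    const char *name;
    unsigned    classes;     /* bitmask of diag_class_t values */
    int         alarm_code;  /* hypothetical alarm raised when the test fails */
    bool      (*run)(void);
} diag_test_t;

/* --- simulated hardware state (constructed for the example) --- */
static const uint8_t rom_image[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0x01, 0x02, 0x03, 0x04 };
static uint16_t rom_crc_expected;        /* recorded at "manufacturing" time */
static uint8_t  scratch_ram[64];         /* region the RAM test may overwrite */
static int      motor_rpm_cmd  = 3000;   /* commanded pump speed */
static int      motor_rpm_meas = 3000;   /* speed reported by the sensor */
static int      last_alarm     = 0;

/* CRC-16/CCITT-FALSE: polynomial 0x1021, initial value 0xFFFF, no reflection */
static uint16_t crc16_ccitt(const uint8_t *p, size_t n) {
    uint16_t crc = 0xFFFF;
    for (size_t i = 0; i < n; i++) {
        crc ^= (uint16_t)((uint16_t)p[i] << 8);
        for (int b = 0; b < 8; b++)
            crc = (crc & 0x8000) ? (uint16_t)((crc << 1) ^ 0x1021) : (uint16_t)(crc << 1);
    }
    return crc;
}

/* Startup + extended: program image integrity */
static bool test_rom_crc(void) {
    return crc16_ccitt(rom_image, sizeof rom_image) == rom_crc_expected;
}

/* Startup + extended: destructive march test, so never tagged DIAG_RUNTIME */
static bool test_ram_march(void) {
    static const uint8_t pattern[2] = { 0x55, 0xAA };
    for (int k = 0; k < 2; k++) {
        memset(scratch_ram, pattern[k], sizeof scratch_ram);
        for (size_t i = 0; i < sizeof scratch_ram; i++)
            if (scratch_ram[i] != pattern[k]) return false;
    }
    return true;
}

/* Run-time + extended: measured speed must be within 10 % of the command */
static bool test_motor_plausibility(void) {
    int tol  = motor_rpm_cmd / 10;
    int diff = motor_rpm_meas - motor_rpm_cmd;
    return diff <= tol && diff >= -tol;
}

static const diag_test_t tests[] = {
    { "rom_crc",     DIAG_STARTUP | DIAG_EXTENDED, 101, test_rom_crc },
    { "ram_march",   DIAG_STARTUP | DIAG_EXTENDED, 102, test_ram_march },
    { "motor_plaus", DIAG_RUNTIME | DIAG_EXTENDED, 201, test_motor_plausibility },
};

/* Run every test tagged with `cls`. Returns the alarm code of the first
 * failure, or 0 if all passed; every test still runs so the log is complete. */
int run_diagnostics(diag_class_t cls) {
    int first_fail = 0;
    for (size_t i = 0; i < sizeof tests / sizeof tests[0]; i++) {
        if (!(tests[i].classes & cls)) continue;
        bool ok = tests[i].run();
        printf("diag %-12s %s\n", tests[i].name, ok ? "PASS" : "FAIL");
        if (!ok && first_fail == 0) first_fail = tests[i].alarm_code;
    }
    last_alarm = first_fail;
    return first_fail;
}

/* Helpers to set up the simulated state */
void diag_provision_rom_crc(void)      { rom_crc_expected = crc16_ccitt(rom_image, sizeof rom_image); }
void diag_corrupt_rom_crc(void)        { rom_crc_expected ^= 0x0001; }   /* simulate a flipped bit */
void diag_set_motor(int cmd, int meas) { motor_rpm_cmd = cmd; motor_rpm_meas = meas; }
int  diag_last_alarm(void)             { return last_alarm; }

int main(void) {
    diag_provision_rom_crc();
    printf("startup  -> alarm %d\n", run_diagnostics(DIAG_STARTUP));
    diag_set_motor(3000, 2500);           /* sensor disagrees with command */
    printf("run-time -> alarm %d\n", run_diagnostics(DIAG_RUNTIME));
    diag_corrupt_rom_crc();
    printf("extended -> alarm %d\n", run_diagnostics(DIAG_EXTENDED));
    return 0;
}
```

The class bitmask is the point of the design: the RAM march test overwrites memory, so it is only ever selected at startup or under explicit user control, while the plausibility check is cheap and non-destructive and can run continuously. Keeping all tests in one table also gives the verification team a single list to trace against the alarm requirements.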